The Cisco Secure Firewall 6100 Series is an AI-ready, ultra-high-end firewall, engineered to deliver exceptional throughput per rack unit. Optimized for high-performing data center and telecommunications mobility infrastructure environments, the 6100 Series features a multi-socket, multi-core architecture that enables rapid threat inspection. Its dedicated cryptographic modules facilitate high-throughput IPSec and TLS connection termination at scale, providing industry-leading cryptographic performance within its two rack unit (RU) form factor.
Table 1. Key highlights of Cisco Secure Firewall 6100 Series
Secure Firewall 6100 Series with Firewall Threat Defense Software

Unmatched performance:
● Gain up to 570 Gbps of throughput from a single 2 rack unit device when enabling the next-generation firewall capabilities, including intrusion prevention system (IPS).
● Support a wide variety of network modules, from 1G to high-performance 400G QSFP DD network modules.

Superior visibility:
● Gain insight into encrypted traffic at line rate with the Encrypted Visibility Engine (EVE). Selectively decrypt TLS 1.3 and Quick UDP Internet Connections (QUIC) traffic as necessary.
● Accurately identify and control more than 8200 applications, enabling precise policy enforcement across cloud, SaaS, and custom workloads.

Carrier-grade firewalling:
● Enable clustering, Carrier-Grade Network Address Translation (CGNAT), and the carrier license package to obtain high performance for service providers.
● Inspect GPRS Tunneling Protocol (GTP), Session Initiation Protocol (SIP), Diameter, and other telecom protocols at scale.

Advanced threat defense:
● With SnortML, a machine learning technology for threat detection, you can protect your network against zero-day vulnerabilities without requiring new signature updates.
● Perform on-premises dynamic analysis with Spero, ClamAV and cloud-based sandboxing to detect and stop evasive malware.

Robust high availability:
● The 6100 Series features N+1 clustering scalability, N+1 fan redundancy, and 1+1 power redundancy.
● With its fail-to-wire network module, the 6100 Series firewall maintains continuous connectivity even in case of any data plane failure.

Simplified management:
● Define a policy once and enforce it across Cisco and third-party firewalls with the Mesh Policy Engine.
● Streamline rule creation and reporting with Cisco AI Assistant, a built-in capability of the unified management platform.

Front panel of 6100 Series firewall chassis

Front panel of 6100 Series firewall (with two network modules)

Back panel of 6100 Series firewall

3D view of 6100 Series firewall chassis
Cisco Secure Firewall 6100 Series supports both Firewall Threat Defense (FTD) and Adaptive Security Appliance (ASA) software. The FTD software offers all the advanced next-generation security capabilities, whereas ASA software can deliver higher throughput for stateful inspection.
Table 2. Cisco Secure Firewall 6100 Series performance with the Cisco Secure Firewall Threat Defense (FTD) software
| Metric | 6160 | 6170 |
|---|---|---|
| Throughput: FW + AVC (1024B) | 520 Gbps | 635 Gbps |
| Throughput: FW + Intrusion Prevention System (IPS) (1024B) | 500 Gbps | 570 Gbps |
| NGFW Throughput: FW + AVC + IPS (1024B) | 500 Gbps | 570 Gbps |
| IPSec VPN Throughput (1024B TCP w/Fastpath) | 400 Gbps | 490 Gbps |
| TLS decryption | 100 Gbps | 150 Gbps |
Table 3. Cisco Secure Firewall 6100 Series performance with the Cisco Adaptive Security Appliance (ASA) software
| Metric | 6160 | 6170 |
|---|---|---|
| Stateful inspection firewall throughput (1500 B UDP) | 600 Gbps | 700 Gbps |
| Stateful inspection firewall throughput (HTTP 1024 Byte) | 600 Gbps | 700 Gbps |
| IPsec VPN throughput (450B UDP L2L test) | 300 Gbps | 370 Gbps |
Note: Performance will vary depending on features activated, network traffic protocol mix, and packet size characteristics. Performance is subject to change with new software releases. Consult your Cisco representative for detailed sizing guidance.
Table 4. Cisco Secure Firewall 6100 Series scalability with the Cisco Secure Firewall Threat Defense (FTD) software
| Metric | 6160 | 6170 |
|---|---|---|
| Maximum concurrent sessions, with AVC | 75 Million | 105 Million |
| Maximum new connections per second, with AVC | 1.5 Million | 2.7 Million |
| Maximum VPN peers | 60 K | 60 K |
| Maximum virtual router instances (VRF) | 250 ||
| High availability | Active/Standby ||
| Instances (Multi-Instance) | Available in future release ||
| Clustering | 4 units (16 in future release) ||
Table 5. Cisco Secure Firewall 6100 Series scalability with the Cisco Adaptive Security Appliance (ASA) software
| Metric | 6160 | 6170 |
|---|---|---|
| New connections per second | 4.5 Million | 5.5 Million |
| Concurrent firewall connections | 180 Million | 180 Million |
| Maximum VPN Peers | 60 K | 60 K |
| High availability | Active/Standby | Active/Standby |
| Security contexts | Included 2, maximum 250 ||
| Clustering | 4 (16 in future release) ||
Table 6. Cisco Secure Firewall 6100 Series hardware specifications
| Specification | 6160 | 6170 |
|---|---|---|
| Form factor | 2 RU for 19" Rack ||
| Fixed ports | 12x1/10/25/50 SFP56 Ethernet Ports + 4x40/100/200 QSFP56 Ports ||
| Management Ethernet | 2 x 1/10/25/50 Gigabit Ethernet ports (SFP56) ||
| Network modules | ● 8-port 1Gbps copper, FTW (fail to wire) Network Module. Ports that are not configured as FTW can be used as regular 1 Gb copper ports ● 8 x 1/10 Gigabit Ethernet Small Form-Factor Pluggable (SFP+) network modules ● 8 x 1/10/25 Gigabit Ethernet Small Form-Factor Pluggable (SFP28) network modules ● 4 x 40 Gigabit Ethernet Quad SFP+ network modules ● 4 x 40/100/200 Gigabit Ethernet Quad SFP28 (QSFP28) network modules ● 2 x 100G Gigabit Ethernet QSFP SFP28 network modules ● 2 x 400G Gigabit Ethernet QSFP DD network modules ● 6-port 10Gbps SR Fiber FTW (fail to wire) Network Module ● 6-port 10Gbps LR Fiber FTW (fail to wire) Network Module ● 6-port 25Gbps LR Fiber FTW (fail to wire) Network Module ● 6-port 25Gbps SR Fiber FTW (fail to wire) Network Module ||
| Maximum number of interfaces | Up to 24 x 1/10/25/50 Gigabit Ethernet (SFP56) interfaces across fixed ports; up to 8 x 40 Gigabit Ethernet (QSFP+) interfaces with 2 network modules; up to 12 x 100/200 Gigabit Ethernet (QSFP56) interfaces across fixed ports and with 2 network modules; up to 4 x 400 Gigabit Ethernet (QSFPDD) interfaces with 2 network modules. Note: The above port counts do not factor in the breakout capability supported by different interfaces. ||
| Console port | 1 x RJ-45 console ||
| USB port | 1 USB 3.0 ||
| Storage | 2 x 3.6 TB | 2 x 7.2 TB |
| Transceiver support | Refer to Cisco Secure Firewall (CSF) 6100 Hardware Installation Guide ||
| Mean Time Between Failure (MTBF) | ● Chassis: 212 K Hrs ● Power Supply AC: 8 Mn Hrs ● Power Supply DC: 8 Mn Hrs ● Fan Module: 4.25 Mn Hrs | ● Chassis: 206 K Hrs ● Power Supply AC: 8 Mn Hrs ● Power Supply DC: 8 Mn Hrs ● Fan Module: 4.25 Mn Hrs |
| Chassis dimensions (HxWxD) | 3.5” H x 16.9” W x 32.5” D ||
| Weight | 66 lbs (fully loaded) ||
| Cooling | 4 field-replaceable fan modules; each module has 2 fans ||
| Rack mountable | Yes, mount rails included (4-post EIA-310-D rack) ||
| Power Supply Details |||
| Configuration | 2 Power Supplies. Up to 3000W each PSU, Hot-Swappable, Load-Sharing Redundancy ||
| AC input voltage | 100 to 120 VAC (HVAC low line); 200 to 240 VAC (HVAC high line) ||
| AC input frequency | 50 to 60 Hz ||
| AC current draw, maximum | 13 Amperes | 14 Amperes |
| DC input voltage | -48 VDC to -60 VDC ||
| Power consumption, typical | 1740 Watts | 2010 Watts |
| Power consumption, maximum | 2440 Watts | 2760 Watts |
| Redundancy | 1+1 Redundancy ||
| Temperature: operating | 32°F to 104°F (0°C to 40°C) ||
| Humidity: operating | 5% to 90% (non-condensing) ||
| Altitude: operating | 0 to 10,000 ft. De-rate the maximum operating temperature 1°C/1K-ft. above 6000 ft. ||
| Acoustic noise | Sound Pressure: <=74 dBA (typical), <=90 dBA (maximum); Sound Power: <=81 dB (typical), <=98 dB (maximum) ||
| Non-operating/storage environment |||
| Temperature: nonoperating | –40°F to –85°F (–40°C to –65°C) ||
| Humidity: nonoperating | 5% to 95% (non-condensing) ||
| Altitude: nonoperating | 40,000 ft. ||
For details on product regulatory compliance in a specific market, consult the Cisco Product Approvals tool.
Table 7. Cisco Secure Firewall 6100 Series Network Equipment Building System (NEBS), regulatory, safety, environmental and Electromagnetic Compatibility (EMC) compliance
| Specification | Description |
|---|---|
| Regulatory compliance | Products comply with CE markings per directives 2004/108/EC and 2006/108/EC |
| Safety | ● UL 62368-1 ● UL 60950-1 ● CAN/CSA-C22.2 No. 62368-1 ● CAN CSA C22.2 60950-1 ● EN 62368-1 ● IEC 62368-1 ● AS/NZS 62368.1 ● GB4943.1 |
| EMC: Emissions | ● FCC 47CFR15 Class A ● AS/NZS CISPR 32 Class A ● EN55032/CISPR 32 Class A ● ICES-003 Class A ● VCCI Class A ● KS C 9832 Class A ● CNS-13438 Class A ● EN61000-3-2 Power Line Harmonics ● EN61000-3-3 Voltage Changes, Fluctuations, and Flicker |
| EMC: Immunity | ● EN61000-6-2 Generic Immunity Standards ● IEC/EN61000-4-2 Electrostatic Discharge Immunity ● IEC/EN61000-4-3 Radiated Immunity ● IEC/EN61000-4-4 EFT-B Immunity ● IEC/EN61000-4-5 Surge ● IEC/EN61000-4-6 Immunity to Conducted Disturbances ● IEC/EN61000-4-11 Voltage Dips, Short Interruptions, and Voltage Variations ● KS C 9835 |
| EMC: ETSI/EN | ● EN 300 386 Telecommunications Network Equipment (EMC) ● EN55032/CISPR32 Multimedia Equipment (Emissions) ● EN55035/CISPR 35 Multimedia Equipment (Immunity) ● EN61000-6-1, EN61000-6-2 Generic Immunity Standards |
The product IDs of the Cisco Secure Firewall 6100 Series hardware appliances are listed below. For information on licenses, subscriptions, and other options associated with the product, refer to the Cisco Network Security Ordering Guide.
Table 8. Cisco Secure Firewall 6100 Series Product IDs
| Product ID | Description |
|---|---|
| CSF6160-A-TD-K9 | Cisco Secure Firewall 6160 Appliance, Threat Defense |
| CSF6160-A-ASA-K9 | Cisco Secure Firewall 6160 Appliance, ASA |
| CSF6170-A-TD-K9 | Cisco Secure Firewall 6170 Appliance, Threat Defense |
| CSF6170-A-ASA-K9 | Cisco Secure Firewall 6170 Appliance, ASA |
Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.
Table 9. Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report)
| Sustainability topic | Reference |
|---|---|
| Information on product material content laws and regulations | |
| Information on electronic waste laws and regulations, including products, batteries, and packaging | |

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.